Moderator
Need Help with page redirection...
Hey,
Basically here is the problem:
I have a list of links on a site called http:// xxx.com, say 400.
When someone clicks on a link they go to http:// xxx.com/redirect.php?http://link to site.com
That page will then redirect to http://link to site.com via
<meta http-equiv="refresh" content="5;url=url=.../>
The problem is what do I put between url= and /> ?
Net Builder
The way you propose is 1. harder to validate. 2. Someone could stick a cross site scripting attack in the url like redirect.php?<script>alert('xss');</script> . Your also missing an extra part of the query. You will need some thing for $_GET so maby use ?url=
so redirect.php?url=http://example.com
Then could get the url by doing
PHP Code:$toRedirect = $_GET['url'];
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3;URL={$toRedirect}\">";
But also you would have to validate it.. which is the hard part and I cannot think of anything at the moment quickly that would validate that.
Better to use an Integer for the $_GET. like redirect.php?id=1 . Then in your mysql query you can get the url by the example code below, Assuming in your mysql database table there is a field called "url" that has url like "http://example.com" and also an auto_incrementing field called "id".
Btw this code could have syntax error. I didn't run it. I just wrote it off the top of my head while posting this.
Of course there is many other things you could do like count hits to the link.PHP Code:<?php
$id = false;
// If ?id= is set is only a integer.
if(!empty($_GET['id']) && is_numeric($_GET['id'])) {
$id = $_GET['id'];
}
$sql = array();
$link = mysql_connect('localhost', 'database_user', 'database_password') or die('Could not connect: ' . mysql_error());
$db_selected = mysql_select_db('database_name',$link) or die(mysql_error());
sql = mysql_query('SELECT * FROM url_table WHERE id={$id}') or die("oops");
$toRedirect = mysql_fetch_assoc($sql);
// If id does not exist
if(!toRedirect) {
header('HTTP/1.0 404 Not Found');
exit('Not Found');
}
echo "<html><head><title>Redirection...</title>"
. "<meta http-equiv=\"refresh\" content=\"5;url={$toRedirect['url']}\"/>"
. "</head><body><h1>You being redirected to"
. "<a href=\"{$toRedirect['url']}\">{$toRedirect['url']}</a>"
. "</body></html>";
Submit new proxies-
WebEvader (3 October, 2009)
Moderator
Hmm, I can't do that since I don't have the id table.
Is there anyway in which I can just get the text after the '?' and redirect to that page ?
EDIT: Thanks Keldorn, I used your script and it's now working, i am also able to count the hits using some other snippets of code
If you look at WebEvader, every site which is not a premium listing and is clicked on goes to a loading page where it is then redirected...
Net Builder
Like I said you have to validate it.
Put this url into your browser..
Crafting that even more I could steal the cookies off your forum members by having them click and then hijack their profiles.Code:http://www.webevader.org/redirect.php?url="><script>alert(String.fromCharCode(88,83,83))</script>
For this case a good strip_tags(); might work
It also opens up your site to being a free spam relay.PHP Code:$toRedirect = strip_tags($_GET['id']);
Code:http://www.webevader.org/redirect.php?url=http://evilspamsite.com
Submit new proxies
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
Bookmarks